PhpBB Tips
I recently had to help a client better their PhpBB forum security without hindering certain groups. I do not use PhpBB myself, but the way it is coded is interesting. I had to get some help on this and the rest I added in.
First of all if you want to have CAPTCHA for all Members even registered ones, but not certain groups then do this:
Create Special Group
1. Login Admin Panel and select "Users and Groups"
2. Click "Manage Groups"
3. On right create a new Group called, "Special" or whatever name you want
4. Now in the fields that follow: Put group type as "Hidden" if you do not want others to know about it
5. Copy permissions from a group you want, possibly "Registered Users"
6. [Save], you should get a green success box.
Add Members To Group
1. Under General tab click on "Manage Groups"
2. On the right you will see a bar with the special group you created. Click "Members" in that bar
3. Place the names of the Users to be in this group in the text field under "Add Users"
4. [Submit] and you should get a green box
Finding Group ID
1. Under General tab click on "Manage Groups"
2. On the right you will see a bar with the special group you created. Point to "Members" in that bar
3. Within your browser's status bar look for the last number in the address, that is the ID. For example:
Source 6 <-- that 7 is the group ID of the group you created
Continued below...
Open up posting.php from your forum folder. Make sure to do this in Notepad:
Look for:
CODE |
include($phpbb_root_path . 'includes/message_parser.' . $phpEx); |
CODE |
// CUSTOM include($phpbb_root_path . 'includes/functions_user.' . $phpEx); |
CODE |
include($phpbb_root_path . 'includes/functions_user.' . $phpEx); |
CODE |
// include($phpbb_root_path . 'includes/functions_user.' . $phpEx); |
CODE |
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) { |
CODE |
// CUSTOM change "76" to the special group ID if ($config['enable_post_confirm'] && !group_memberships(array(76,100), $user->data['user_id'], true) && in_array($mode, array('quote', 'post', 'reply'))){ |
CODE |
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_captcha === false && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) { |
CODE |
// CUSTOM change "76" to the special group ID if ($config['enable_post_confirm'] && !group_memberships(array(76,100), $user->data['user_id'], true) && $solved_captcha === false && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')){ |
Results
Guests see this CAPTCHA when posting, but so too will Registered Members if you want to make it hard for them as well (for whatever reason), but you can limit that to special groups so they do not see the CAPTCHA seen below:
Phpbb Tips (Hover)
In case anyone needs it I found this helpful in knowing which functions did what in PhpBB 2 at a glance: PhpBB 2.0 Database Abstraction Layer. I don't know if this is the same for PhpBB 3.